Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Sat, 21 Sep 2019 15:56:48
Message-Id: 1569081385.49e769a53303da6d649610b2d4e1c4690776ef65.mpagano@gentoo
1 commit: 49e769a53303da6d649610b2d4e1c4690776ef65
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sat Sep 21 15:56:25 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sat Sep 21 15:56:25 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=49e769a5
7
8 Linux patch 4.4.194
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1193_linux-4.4.194.patch | 1406 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1410 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 7541a4e..ba81005 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -815,6 +815,10 @@ Patch: 1192_linux-4.4.193.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.4.193
23
24 +Patch: 1193_linux-4.4.194.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.4.194
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1193_linux-4.4.194.patch b/1193_linux-4.4.194.patch
33 new file mode 100644
34 index 0000000..e6d98d1
35 --- /dev/null
36 +++ b/1193_linux-4.4.194.patch
37 @@ -0,0 +1,1406 @@
38 +diff --git a/Makefile b/Makefile
39 +index 34d2be9c8459..bea8f3f591c4 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 4
45 +-SUBLEVEL = 193
46 ++SUBLEVEL = 194
47 + EXTRAVERSION =
48 + NAME = Blurry Fish Butt
49 +
50 +diff --git a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig
51 +index 3023f91c77c2..9843e52bbb13 100644
52 +--- a/arch/arc/configs/axs101_defconfig
53 ++++ b/arch/arc/configs/axs101_defconfig
54 +@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y
55 + # CONFIG_UTS_NS is not set
56 + # CONFIG_PID_NS is not set
57 + CONFIG_BLK_DEV_INITRD=y
58 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs/"
59 + CONFIG_EMBEDDED=y
60 + CONFIG_PERF_EVENTS=y
61 + # CONFIG_VM_EVENT_COUNTERS is not set
62 +diff --git a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig
63 +index f18107185f53..27c6cb573686 100644
64 +--- a/arch/arc/configs/axs103_defconfig
65 ++++ b/arch/arc/configs/axs103_defconfig
66 +@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y
67 + # CONFIG_UTS_NS is not set
68 + # CONFIG_PID_NS is not set
69 + CONFIG_BLK_DEV_INITRD=y
70 +-CONFIG_INITRAMFS_SOURCE="../../arc_initramfs_hs/"
71 + CONFIG_EMBEDDED=y
72 + CONFIG_PERF_EVENTS=y
73 + # CONFIG_VM_EVENT_COUNTERS is not set
74 +diff --git a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig
75 +index 6e1dd8521d2a..72f34534983f 100644
76 +--- a/arch/arc/configs/axs103_smp_defconfig
77 ++++ b/arch/arc/configs/axs103_smp_defconfig
78 +@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y
79 + # CONFIG_UTS_NS is not set
80 + # CONFIG_PID_NS is not set
81 + CONFIG_BLK_DEV_INITRD=y
82 +-CONFIG_INITRAMFS_SOURCE="../../arc_initramfs_hs/"
83 + CONFIG_EMBEDDED=y
84 + CONFIG_PERF_EVENTS=y
85 + # CONFIG_VM_EVENT_COUNTERS is not set
86 +diff --git a/arch/arc/configs/nsim_700_defconfig b/arch/arc/configs/nsim_700_defconfig
87 +index 86e5a62556a8..c93370cc840a 100644
88 +--- a/arch/arc/configs/nsim_700_defconfig
89 ++++ b/arch/arc/configs/nsim_700_defconfig
90 +@@ -11,7 +11,6 @@ CONFIG_NAMESPACES=y
91 + # CONFIG_UTS_NS is not set
92 + # CONFIG_PID_NS is not set
93 + CONFIG_BLK_DEV_INITRD=y
94 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs/"
95 + CONFIG_KALLSYMS_ALL=y
96 + CONFIG_EMBEDDED=y
97 + # CONFIG_SLUB_DEBUG is not set
98 +diff --git a/arch/arc/configs/nsim_hs_defconfig b/arch/arc/configs/nsim_hs_defconfig
99 +index f68838e8068a..27c73028b798 100644
100 +--- a/arch/arc/configs/nsim_hs_defconfig
101 ++++ b/arch/arc/configs/nsim_hs_defconfig
102 +@@ -12,7 +12,6 @@ CONFIG_NAMESPACES=y
103 + # CONFIG_UTS_NS is not set
104 + # CONFIG_PID_NS is not set
105 + CONFIG_BLK_DEV_INITRD=y
106 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/"
107 + CONFIG_KALLSYMS_ALL=y
108 + CONFIG_EMBEDDED=y
109 + # CONFIG_SLUB_DEBUG is not set
110 +diff --git a/arch/arc/configs/nsim_hs_smp_defconfig b/arch/arc/configs/nsim_hs_smp_defconfig
111 +index 96bd1c20fb0b..c3605874487b 100644
112 +--- a/arch/arc/configs/nsim_hs_smp_defconfig
113 ++++ b/arch/arc/configs/nsim_hs_smp_defconfig
114 +@@ -9,7 +9,6 @@ CONFIG_NAMESPACES=y
115 + # CONFIG_UTS_NS is not set
116 + # CONFIG_PID_NS is not set
117 + CONFIG_BLK_DEV_INITRD=y
118 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/"
119 + CONFIG_KALLSYMS_ALL=y
120 + CONFIG_EMBEDDED=y
121 + # CONFIG_SLUB_DEBUG is not set
122 +diff --git a/arch/arc/configs/nsimosci_defconfig b/arch/arc/configs/nsimosci_defconfig
123 +index a4d7b919224a..b7dbb20cd28b 100644
124 +--- a/arch/arc/configs/nsimosci_defconfig
125 ++++ b/arch/arc/configs/nsimosci_defconfig
126 +@@ -12,7 +12,6 @@ CONFIG_NAMESPACES=y
127 + # CONFIG_UTS_NS is not set
128 + # CONFIG_PID_NS is not set
129 + CONFIG_BLK_DEV_INITRD=y
130 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs/"
131 + CONFIG_KALLSYMS_ALL=y
132 + CONFIG_EMBEDDED=y
133 + # CONFIG_SLUB_DEBUG is not set
134 +diff --git a/arch/arc/configs/nsimosci_hs_defconfig b/arch/arc/configs/nsimosci_hs_defconfig
135 +index b3fb49c8bd14..ce22594bb0c7 100644
136 +--- a/arch/arc/configs/nsimosci_hs_defconfig
137 ++++ b/arch/arc/configs/nsimosci_hs_defconfig
138 +@@ -12,7 +12,6 @@ CONFIG_NAMESPACES=y
139 + # CONFIG_UTS_NS is not set
140 + # CONFIG_PID_NS is not set
141 + CONFIG_BLK_DEV_INITRD=y
142 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/"
143 + CONFIG_KALLSYMS_ALL=y
144 + CONFIG_EMBEDDED=y
145 + # CONFIG_SLUB_DEBUG is not set
146 +diff --git a/arch/arc/configs/nsimosci_hs_smp_defconfig b/arch/arc/configs/nsimosci_hs_smp_defconfig
147 +index 710c167bbdd8..f9e5aef7e04e 100644
148 +--- a/arch/arc/configs/nsimosci_hs_smp_defconfig
149 ++++ b/arch/arc/configs/nsimosci_hs_smp_defconfig
150 +@@ -9,7 +9,6 @@ CONFIG_IKCONFIG_PROC=y
151 + # CONFIG_UTS_NS is not set
152 + # CONFIG_PID_NS is not set
153 + CONFIG_BLK_DEV_INITRD=y
154 +-CONFIG_INITRAMFS_SOURCE="../arc_initramfs_hs/"
155 + # CONFIG_COMPAT_BRK is not set
156 + CONFIG_KPROBES=y
157 + CONFIG_MODULES=y
158 +diff --git a/arch/arc/kernel/traps.c b/arch/arc/kernel/traps.c
159 +index 2fb0cd39a31c..cd6e3615e3d1 100644
160 +--- a/arch/arc/kernel/traps.c
161 ++++ b/arch/arc/kernel/traps.c
162 +@@ -163,3 +163,4 @@ void abort(void)
163 + {
164 + __asm__ __volatile__("trap_s 5\n");
165 + }
166 ++EXPORT_SYMBOL(abort);
167 +diff --git a/arch/arm/mach-omap2/omap4-common.c b/arch/arm/mach-omap2/omap4-common.c
168 +index 949696b6f17b..511fd08c784b 100644
169 +--- a/arch/arm/mach-omap2/omap4-common.c
170 ++++ b/arch/arm/mach-omap2/omap4-common.c
171 +@@ -131,6 +131,9 @@ static int __init omap4_sram_init(void)
172 + struct device_node *np;
173 + struct gen_pool *sram_pool;
174 +
175 ++ if (!soc_is_omap44xx() && !soc_is_omap54xx())
176 ++ return 0;
177 ++
178 + np = of_find_compatible_node(NULL, NULL, "ti,omap4-mpu");
179 + if (!np)
180 + pr_warn("%s:Unable to allocate sram needed to handle errata I688\n",
181 +diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
182 +index a9f6705aea23..731b7e64715b 100644
183 +--- a/arch/arm/mm/init.c
184 ++++ b/arch/arm/mm/init.c
185 +@@ -691,7 +691,8 @@ static void update_sections_early(struct section_perm perms[], int n)
186 + if (t->flags & PF_KTHREAD)
187 + continue;
188 + for_each_thread(t, s)
189 +- set_section_perms(perms, n, true, s->mm);
190 ++ if (s->mm)
191 ++ set_section_perms(perms, n, true, s->mm);
192 + }
193 + read_unlock(&tasklist_lock);
194 + set_section_perms(perms, n, true, current->active_mm);
195 +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
196 +index 687a3eb8d4d9..422624ca0132 100644
197 +--- a/arch/mips/Kconfig
198 ++++ b/arch/mips/Kconfig
199 +@@ -761,7 +761,6 @@ config SIBYTE_SWARM
200 + select SYS_SUPPORTS_HIGHMEM
201 + select SYS_SUPPORTS_LITTLE_ENDIAN
202 + select ZONE_DMA32 if 64BIT
203 +- select SWIOTLB if ARCH_DMA_ADDR_T_64BIT && PCI
204 +
205 + config SIBYTE_LITTLESUR
206 + bool "Sibyte BCM91250C2-LittleSur"
207 +@@ -784,7 +783,6 @@ config SIBYTE_SENTOSA
208 + select SYS_HAS_CPU_SB1
209 + select SYS_SUPPORTS_BIG_ENDIAN
210 + select SYS_SUPPORTS_LITTLE_ENDIAN
211 +- select SWIOTLB if ARCH_DMA_ADDR_T_64BIT && PCI
212 +
213 + config SIBYTE_BIGSUR
214 + bool "Sibyte BCM91480B-BigSur"
215 +@@ -798,7 +796,6 @@ config SIBYTE_BIGSUR
216 + select SYS_SUPPORTS_HIGHMEM
217 + select SYS_SUPPORTS_LITTLE_ENDIAN
218 + select ZONE_DMA32 if 64BIT
219 +- select SWIOTLB if ARCH_DMA_ADDR_T_64BIT && PCI
220 +
221 + config SNI_RM
222 + bool "SNI RM200/300/400"
223 +diff --git a/arch/mips/include/asm/netlogic/xlr/fmn.h b/arch/mips/include/asm/netlogic/xlr/fmn.h
224 +index 5604db3d1836..d79c68fa78d9 100644
225 +--- a/arch/mips/include/asm/netlogic/xlr/fmn.h
226 ++++ b/arch/mips/include/asm/netlogic/xlr/fmn.h
227 +@@ -301,8 +301,6 @@ static inline int nlm_fmn_send(unsigned int size, unsigned int code,
228 + for (i = 0; i < 8; i++) {
229 + nlm_msgsnd(dest);
230 + status = nlm_read_c2_status0();
231 +- if ((status & 0x2) == 1)
232 +- pr_info("Send pending fail!\n");
233 + if ((status & 0x4) == 0)
234 + return 0;
235 + }
236 +diff --git a/arch/mips/include/asm/smp.h b/arch/mips/include/asm/smp.h
237 +index 03722d4326a1..82852dfd8dab 100644
238 +--- a/arch/mips/include/asm/smp.h
239 ++++ b/arch/mips/include/asm/smp.h
240 +@@ -25,7 +25,17 @@ extern cpumask_t cpu_sibling_map[];
241 + extern cpumask_t cpu_core_map[];
242 + extern cpumask_t cpu_foreign_map;
243 +
244 +-#define raw_smp_processor_id() (current_thread_info()->cpu)
245 ++static inline int raw_smp_processor_id(void)
246 ++{
247 ++#if defined(__VDSO__)
248 ++ extern int vdso_smp_processor_id(void)
249 ++ __compiletime_error("VDSO should not call smp_processor_id()");
250 ++ return vdso_smp_processor_id();
251 ++#else
252 ++ return current_thread_info()->cpu;
253 ++#endif
254 ++}
255 ++#define raw_smp_processor_id raw_smp_processor_id
256 +
257 + /* Map from cpu id to sequential logical cpu number. This will only
258 + not be idempotent when cpus failed to come on-line. */
259 +diff --git a/arch/mips/sibyte/common/Makefile b/arch/mips/sibyte/common/Makefile
260 +index 3ef3fb658136..b3d6bf23a662 100644
261 +--- a/arch/mips/sibyte/common/Makefile
262 ++++ b/arch/mips/sibyte/common/Makefile
263 +@@ -1,5 +1,4 @@
264 + obj-y := cfe.o
265 +-obj-$(CONFIG_SWIOTLB) += dma.o
266 + obj-$(CONFIG_SIBYTE_BUS_WATCHER) += bus_watcher.o
267 + obj-$(CONFIG_SIBYTE_CFE_CONSOLE) += cfe_console.o
268 + obj-$(CONFIG_SIBYTE_TBPROF) += sb_tbprof.o
269 +diff --git a/arch/mips/sibyte/common/dma.c b/arch/mips/sibyte/common/dma.c
270 +deleted file mode 100644
271 +index eb47a94f3583..000000000000
272 +--- a/arch/mips/sibyte/common/dma.c
273 ++++ /dev/null
274 +@@ -1,14 +0,0 @@
275 +-// SPDX-License-Identifier: GPL-2.0+
276 +-/*
277 +- * DMA support for Broadcom SiByte platforms.
278 +- *
279 +- * Copyright (c) 2018 Maciej W. Rozycki
280 +- */
281 +-
282 +-#include <linux/swiotlb.h>
283 +-#include <asm/bootinfo.h>
284 +-
285 +-void __init plat_swiotlb_setup(void)
286 +-{
287 +- swiotlb_init(1);
288 +-}
289 +diff --git a/arch/mips/vdso/Makefile b/arch/mips/vdso/Makefile
290 +index 886005b1e87d..dfd082eb86f8 100644
291 +--- a/arch/mips/vdso/Makefile
292 ++++ b/arch/mips/vdso/Makefile
293 +@@ -6,7 +6,9 @@ ccflags-vdso := \
294 + $(filter -I%,$(KBUILD_CFLAGS)) \
295 + $(filter -E%,$(KBUILD_CFLAGS)) \
296 + $(filter -mmicromips,$(KBUILD_CFLAGS)) \
297 +- $(filter -march=%,$(KBUILD_CFLAGS))
298 ++ $(filter -march=%,$(KBUILD_CFLAGS)) \
299 ++ $(filter -m%-float,$(KBUILD_CFLAGS)) \
300 ++ -D__VDSO__
301 + cflags-vdso := $(ccflags-vdso) \
302 + $(filter -W%,$(filter-out -Wa$(comma)%,$(KBUILD_CFLAGS))) \
303 + -O2 -g -fPIC -fno-strict-aliasing -fno-common -fno-builtin -G 0 \
304 +diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
305 +index 6a75352f453c..950b0c00a092 100644
306 +--- a/arch/s390/kvm/interrupt.c
307 ++++ b/arch/s390/kvm/interrupt.c
308 +@@ -1487,6 +1487,16 @@ int s390int_to_s390irq(struct kvm_s390_interrupt *s390int,
309 + case KVM_S390_MCHK:
310 + irq->u.mchk.mcic = s390int->parm64;
311 + break;
312 ++ case KVM_S390_INT_PFAULT_INIT:
313 ++ irq->u.ext.ext_params = s390int->parm;
314 ++ irq->u.ext.ext_params2 = s390int->parm64;
315 ++ break;
316 ++ case KVM_S390_RESTART:
317 ++ case KVM_S390_INT_CLOCK_COMP:
318 ++ case KVM_S390_INT_CPU_TIMER:
319 ++ break;
320 ++ default:
321 ++ return -EINVAL;
322 + }
323 + return 0;
324 + }
325 +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
326 +index 23911ecfbad6..14d2ca9c779e 100644
327 +--- a/arch/s390/kvm/kvm-s390.c
328 ++++ b/arch/s390/kvm/kvm-s390.c
329 +@@ -2541,7 +2541,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
330 + }
331 + case KVM_S390_INTERRUPT: {
332 + struct kvm_s390_interrupt s390int;
333 +- struct kvm_s390_irq s390irq;
334 ++ struct kvm_s390_irq s390irq = {};
335 +
336 + r = -EFAULT;
337 + if (copy_from_user(&s390int, argp, sizeof(s390int)))
338 +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
339 +index 727693e283da..bcf409997d6d 100644
340 +--- a/arch/s390/net/bpf_jit_comp.c
341 ++++ b/arch/s390/net/bpf_jit_comp.c
342 +@@ -886,7 +886,7 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
343 + break;
344 + case BPF_ALU64 | BPF_NEG: /* dst = -dst */
345 + /* lcgr %dst,%dst */
346 +- EMIT4(0xb9130000, dst_reg, dst_reg);
347 ++ EMIT4(0xb9030000, dst_reg, dst_reg);
348 + break;
349 + /*
350 + * BPF_FROM_BE/LE
351 +@@ -1067,8 +1067,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
352 + /* llgf %w1,map.max_entries(%b2) */
353 + EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
354 + offsetof(struct bpf_array, map.max_entries));
355 +- /* clgrj %b3,%w1,0xa,label0: if %b3 >= %w1 goto out */
356 +- EMIT6_PCREL_LABEL(0xec000000, 0x0065, BPF_REG_3,
357 ++ /* clrj %b3,%w1,0xa,label0: if (u32)%b3 >= (u32)%w1 goto out */
358 ++ EMIT6_PCREL_LABEL(0xec000000, 0x0077, BPF_REG_3,
359 + REG_W1, 0, 0xa);
360 +
361 + /*
362 +@@ -1094,8 +1094,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
363 + * goto out;
364 + */
365 +
366 +- /* sllg %r1,%b3,3: %r1 = index * 8 */
367 +- EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, BPF_REG_3, REG_0, 3);
368 ++ /* llgfr %r1,%b3: %r1 = (u32) index */
369 ++ EMIT4(0xb9160000, REG_1, BPF_REG_3);
370 ++ /* sllg %r1,%r1,3: %r1 *= 8 */
371 ++ EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3);
372 + /* lg %r1,prog(%b2,%r1) */
373 + EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2,
374 + REG_1, offsetof(struct bpf_array, ptrs));
375 +diff --git a/arch/x86/Makefile b/arch/x86/Makefile
376 +index 00e0226634fa..8b4d022ce0cb 100644
377 +--- a/arch/x86/Makefile
378 ++++ b/arch/x86/Makefile
379 +@@ -38,6 +38,7 @@ REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -D__KERNEL__ \
380 +
381 + REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -ffreestanding)
382 + REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fno-stack-protector)
383 ++REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -Wno-address-of-packed-member)
384 + REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), $(cc_stack_align4))
385 + export REALMODE_CFLAGS
386 +
387 +diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h
388 +index 0232b5a2a2d9..588d8fbd1e6d 100644
389 +--- a/arch/x86/include/asm/bootparam_utils.h
390 ++++ b/arch/x86/include/asm/bootparam_utils.h
391 +@@ -71,6 +71,7 @@ static void sanitize_boot_params(struct boot_params *boot_params)
392 + BOOT_PARAM_PRESERVE(edd_mbr_sig_buf_entries),
393 + BOOT_PARAM_PRESERVE(edd_mbr_sig_buffer),
394 + BOOT_PARAM_PRESERVE(hdr),
395 ++ BOOT_PARAM_PRESERVE(e820_map),
396 + BOOT_PARAM_PRESERVE(eddbuf),
397 + };
398 +
399 +diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
400 +index fd945099fc95..4d5e8ff3b5e5 100644
401 +--- a/arch/x86/kernel/apic/io_apic.c
402 ++++ b/arch/x86/kernel/apic/io_apic.c
403 +@@ -2344,7 +2344,13 @@ unsigned int arch_dynirq_lower_bound(unsigned int from)
404 + * dmar_alloc_hwirq() may be called before setup_IO_APIC(), so use
405 + * gsi_top if ioapic_dynirq_base hasn't been initialized yet.
406 + */
407 +- return ioapic_initialized ? ioapic_dynirq_base : gsi_top;
408 ++ if (!ioapic_initialized)
409 ++ return gsi_top;
410 ++ /*
411 ++ * For DT enabled machines ioapic_dynirq_base is irrelevant and not
412 ++ * updated. So simply return @from if ioapic_dynirq_base == 0.
413 ++ */
414 ++ return ioapic_dynirq_base ? : from;
415 + }
416 +
417 + #ifdef CONFIG_X86_32
418 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
419 +index 098be61a6b4c..343c8ddad86a 100644
420 +--- a/arch/x86/kvm/vmx.c
421 ++++ b/arch/x86/kvm/vmx.c
422 +@@ -7247,6 +7247,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
423 + unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
424 + u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
425 + gva_t gva = 0;
426 ++ struct x86_exception e;
427 +
428 + if (!nested_vmx_check_permission(vcpu) ||
429 + !nested_vmx_check_vmcs12(vcpu))
430 +@@ -7273,8 +7274,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
431 + vmx_instruction_info, true, &gva))
432 + return 1;
433 + /* _system ok, as nested_vmx_check_permission verified cpl=0 */
434 +- kvm_write_guest_virt_system(vcpu, gva, &field_value,
435 +- (is_long_mode(vcpu) ? 8 : 4), NULL);
436 ++ if (kvm_write_guest_virt_system(vcpu, gva, &field_value,
437 ++ (is_long_mode(vcpu) ? 8 : 4),
438 ++ NULL))
439 ++ kvm_inject_page_fault(vcpu, &e);
440 + }
441 +
442 + nested_vmx_succeed(vcpu);
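Review bot: In handle_vmread the new `kvm_inject_page_fault(vcpu, &e)` injects a `struct x86_exception` that nothing in the visible lines has written: `e` is declared without an initializer in the previous hunk, and the call to kvm_write_guest_virt_system() still passes `NULL` as its exception argument. On a failed write the guest would be handed whatever was on the kernel stack as fault address and error code, which is the kind of leak the FIXME in the x86.c hunk of this same patch describes. The last argument of the call should be `&e` rather than `NULL`, so that the helper fills in the fault before it is injected. handle_vmread's body starts and ends outside the hunk.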
443 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
444 +index 9f70de2ca0e2..74674a6e4827 100644
445 +--- a/arch/x86/kvm/x86.c
446 ++++ b/arch/x86/kvm/x86.c
447 +@@ -4337,6 +4337,13 @@ static int emulator_write_std(struct x86_emulate_ctxt *ctxt, gva_t addr, void *v
448 + if (!system && kvm_x86_ops->get_cpl(vcpu) == 3)
449 + access |= PFERR_USER_MASK;
450 +
451 ++ /*
452 ++ * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED
453 ++ * is returned, but our callers are not ready for that and they blindly
454 ++ * call kvm_inject_page_fault. Ensure that they at least do not leak
455 ++ * uninitialized kernel stack memory into cr2 and error code.
456 ++ */
457 ++ memset(exception, 0, sizeof(*exception));
458 + return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
459 + access, exception);
460 + }
461 +diff --git a/drivers/atm/Kconfig b/drivers/atm/Kconfig
462 +index 31c60101a69a..7fa840170151 100644
463 +--- a/drivers/atm/Kconfig
464 ++++ b/drivers/atm/Kconfig
465 +@@ -199,7 +199,7 @@ config ATM_NICSTAR_USE_SUNI
466 + make the card work).
467 +
468 + config ATM_NICSTAR_USE_IDT77105
469 +- bool "Use IDT77015 PHY driver (25Mbps)"
470 ++ bool "Use IDT77105 PHY driver (25Mbps)"
471 + depends on ATM_NICSTAR
472 + help
473 + Support for the PHYsical layer chip in ForeRunner LE25 cards. In
474 +diff --git a/drivers/base/core.c b/drivers/base/core.c
475 +index cb5718d2669e..af948fedd232 100644
476 +--- a/drivers/base/core.c
477 ++++ b/drivers/base/core.c
478 +@@ -857,12 +857,63 @@ static inline struct kobject *get_glue_dir(struct device *dev)
479 + */
480 + static void cleanup_glue_dir(struct device *dev, struct kobject *glue_dir)
481 + {
482 ++ unsigned int ref;
483 ++
484 + /* see if we live in a "glue" directory */
485 + if (!live_in_glue_dir(glue_dir, dev))
486 + return;
487 +
488 + mutex_lock(&gdp_mutex);
489 +- if (!kobject_has_children(glue_dir))
490 ++ /**
491 ++ * There is a race condition between removing glue directory
492 ++ * and adding a new device under the glue directory.
493 ++ *
494 ++ * CPU1: CPU2:
495 ++ *
496 ++ * device_add()
497 ++ * get_device_parent()
498 ++ * class_dir_create_and_add()
499 ++ * kobject_add_internal()
500 ++ * create_dir() // create glue_dir
501 ++ *
502 ++ * device_add()
503 ++ * get_device_parent()
504 ++ * kobject_get() // get glue_dir
505 ++ *
506 ++ * device_del()
507 ++ * cleanup_glue_dir()
508 ++ * kobject_del(glue_dir)
509 ++ *
510 ++ * kobject_add()
511 ++ * kobject_add_internal()
512 ++ * create_dir() // in glue_dir
513 ++ * sysfs_create_dir_ns()
514 ++ * kernfs_create_dir_ns(sd)
515 ++ *
516 ++ * sysfs_remove_dir() // glue_dir->sd=NULL
517 ++ * sysfs_put() // free glue_dir->sd
518 ++ *
519 ++ * // sd is freed
520 ++ * kernfs_new_node(sd)
521 ++ * kernfs_get(glue_dir)
522 ++ * kernfs_add_one()
523 ++ * kernfs_put()
524 ++ *
525 ++ * Before CPU1 remove last child device under glue dir, if CPU2 add
526 ++ * a new device under glue dir, the glue_dir kobject reference count
527 ++ * will be increase to 2 in kobject_get(k). And CPU2 has been called
528 ++ * kernfs_create_dir_ns(). Meanwhile, CPU1 call sysfs_remove_dir()
529 ++ * and sysfs_put(). This result in glue_dir->sd is freed.
530 ++ *
531 ++ * Then the CPU2 will see a stale "empty" but still potentially used
532 ++ * glue dir around in kernfs_new_node().
533 ++ *
534 ++ * In order to avoid this happening, we also should make sure that
535 ++ * kernfs_node for glue_dir is released in CPU1 only when refcount
536 ++ * for glue_dir kobj is 1.
537 ++ */
538 ++ ref = atomic_read(&glue_dir->kref.refcount);
539 ++ if (!kobject_has_children(glue_dir) && !--ref)
540 + kobject_del(glue_dir);
541 + kobject_put(glue_dir);
542 + mutex_unlock(&gdp_mutex);
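Review bot: The new test `!kobject_has_children(glue_dir) && !--ref` hides a plain comparison behind a pre-decrement of a local copy; `ref` is not used again in the visible lines, so `atomic_read(&glue_dir->kref.refcount) == 1` would say the same thing without the extra variable. The check only holds if every path that takes a reference on the glue directory does so under gdp_mutex, which the long comment implies but never states; a line such as `/* relies on gdp_mutex covering every kobject_get() of glue_dir - confirm */` would make that assumption checkable. The explanatory block also opens with `/**`, the kernel-doc marker, although it is an ordinary comment inside a function body; `/*` is the usual form there.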
543 +diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
544 +index a04810837234..a12a163c6e6d 100644
545 +--- a/drivers/block/floppy.c
546 ++++ b/drivers/block/floppy.c
547 +@@ -3784,7 +3784,7 @@ static int compat_getdrvprm(int drive,
548 + v.native_format = UDP->native_format;
549 + mutex_unlock(&floppy_mutex);
550 +
551 +- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_params)))
552 ++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_params)))
553 + return -EFAULT;
554 + return 0;
555 + }
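Review bot: With the direction corrected, `copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_params))` sends the whole of `v` to user space, so any padding or field not assigned above goes out with it. The hunk shows only the tail of the field-by-field fill; whether `v` is cleared first is outside it and worth confirming, with `memset(&v, 0, sizeof(v));` before the first assignment if it is not. The same applies to compat_getdrvstat in the next hunk of this file.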
556 +@@ -3820,7 +3820,7 @@ static int compat_getdrvstat(int drive, bool poll,
557 + v.bufblocks = UDRS->bufblocks;
558 + mutex_unlock(&floppy_mutex);
559 +
560 +- if (copy_from_user(arg, &v, sizeof(struct compat_floppy_drive_struct)))
561 ++ if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_struct)))
562 + return -EFAULT;
563 + return 0;
564 + Eintr:
565 +diff --git a/drivers/clk/rockchip/clk-mmc-phase.c b/drivers/clk/rockchip/clk-mmc-phase.c
566 +index b840e4ace623..2b289581d570 100644
567 +--- a/drivers/clk/rockchip/clk-mmc-phase.c
568 ++++ b/drivers/clk/rockchip/clk-mmc-phase.c
569 +@@ -61,10 +61,8 @@ static int rockchip_mmc_get_phase(struct clk_hw *hw)
570 + u32 delay_num = 0;
571 +
572 + /* See the comment for rockchip_mmc_set_phase below */
573 +- if (!rate) {
574 +- pr_err("%s: invalid clk rate\n", __func__);
575 ++ if (!rate)
576 + return -EINVAL;
577 +- }
578 +
579 + raw_value = readl(mmc_clock->reg) >> (mmc_clock->shift);
580 +
581 +diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
582 +index a000c2667392..014745271bb4 100644
583 +--- a/drivers/crypto/talitos.c
584 ++++ b/drivers/crypto/talitos.c
585 +@@ -1426,6 +1426,18 @@ static void unmap_sg_talitos_ptr(struct device *dev, struct scatterlist *src,
586 + }
587 + }
588 +
589 ++static int ablkcipher_aes_setkey(struct crypto_ablkcipher *cipher,
590 ++ const u8 *key, unsigned int keylen)
591 ++{
592 ++ if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 ||
593 ++ keylen == AES_KEYSIZE_256)
594 ++ return ablkcipher_setkey(cipher, key, keylen);
595 ++
596 ++ crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
597 ++
598 ++ return -EINVAL;
599 ++}
600 ++
601 + static void common_nonsnoop_unmap(struct device *dev,
602 + struct talitos_edesc *edesc,
603 + struct ablkcipher_request *areq)
604 +@@ -1629,6 +1641,14 @@ static int ablkcipher_encrypt(struct ablkcipher_request *areq)
605 + struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
606 + struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
607 + struct talitos_edesc *edesc;
608 ++ unsigned int blocksize =
609 ++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
610 ++
611 ++ if (!areq->nbytes)
612 ++ return 0;
613 ++
614 ++ if (areq->nbytes % blocksize)
615 ++ return -EINVAL;
616 +
617 + /* allocate extended descriptor */
618 + edesc = ablkcipher_edesc_alloc(areq, true);
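Review bot: The zero-length and block-alignment checks added to ablkcipher_encrypt are repeated line for line in ablkcipher_decrypt in the next hunk, including the `blocksize` lookup. A small static helper taking `areq`, called first in both functions, would keep the two entry points from drifting apart when the validation changes. The early `return 0` for `!areq->nbytes` also deserves a one-line comment saying that an empty request is treated as success on purpose, since it returns before any descriptor is allocated. Both function bodies continue outside their hunks.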
619 +@@ -1646,6 +1666,14 @@ static int ablkcipher_decrypt(struct ablkcipher_request *areq)
620 + struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
621 + struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
622 + struct talitos_edesc *edesc;
623 ++ unsigned int blocksize =
624 ++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
625 ++
626 ++ if (!areq->nbytes)
627 ++ return 0;
628 ++
629 ++ if (areq->nbytes % blocksize)
630 ++ return -EINVAL;
631 +
632 + /* allocate extended descriptor */
633 + edesc = ablkcipher_edesc_alloc(areq, false);
634 +@@ -2379,6 +2407,7 @@ static struct talitos_alg_template driver_algs[] = {
635 + .min_keysize = AES_MIN_KEY_SIZE,
636 + .max_keysize = AES_MAX_KEY_SIZE,
637 + .ivsize = AES_BLOCK_SIZE,
638 ++ .setkey = ablkcipher_aes_setkey,
639 + }
640 + },
641 + .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
642 +diff --git a/drivers/dma/omap-dma.c b/drivers/dma/omap-dma.c
643 +index 1dfc71c90123..57b6e6ca14a8 100644
644 +--- a/drivers/dma/omap-dma.c
645 ++++ b/drivers/dma/omap-dma.c
646 +@@ -1199,8 +1199,10 @@ static int omap_dma_probe(struct platform_device *pdev)
647 +
648 + rc = devm_request_irq(&pdev->dev, irq, omap_dma_irq,
649 + IRQF_SHARED, "omap-dma-engine", od);
650 +- if (rc)
651 ++ if (rc) {
652 ++ omap_dma_free(od);
653 + return rc;
654 ++ }
655 + }
656 +
657 + rc = dma_async_device_register(&od->ddev);
658 +diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c
659 +index 6a2df3297e77..691ad069444d 100644
660 +--- a/drivers/isdn/capi/capi.c
661 ++++ b/drivers/isdn/capi/capi.c
662 +@@ -687,6 +687,9 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos
663 + if (!cdev->ap.applid)
664 + return -ENODEV;
665 +
666 ++ if (count < CAPIMSG_BASELEN)
667 ++ return -EINVAL;
668 ++
669 + skb = alloc_skb(count, GFP_USER);
670 + if (!skb)
671 + return -ENOMEM;
672 +@@ -697,7 +700,8 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos
673 + }
674 + mlen = CAPIMSG_LEN(skb->data);
675 + if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) {
676 +- if ((size_t)(mlen + CAPIMSG_DATALEN(skb->data)) != count) {
677 ++ if (count < CAPI_DATA_B3_REQ_LEN ||
678 ++ (size_t)(mlen + CAPIMSG_DATALEN(skb->data)) != count) {
679 + kfree_skb(skb);
680 + return -EINVAL;
681 + }
682 +@@ -710,6 +714,10 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos
683 + CAPIMSG_SETAPPID(skb->data, cdev->ap.applid);
684 +
685 + if (CAPIMSG_CMD(skb->data) == CAPI_DISCONNECT_B3_RESP) {
686 ++ if (count < CAPI_DISCONNECT_B3_RESP_LEN) {
687 ++ kfree_skb(skb);
688 ++ return -EINVAL;
689 ++ }
690 + mutex_lock(&cdev->lock);
691 + capincci_free(cdev, CAPIMSG_NCCI(skb->data));
692 + mutex_unlock(&cdev->lock);
693 +diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c
694 +index 6c3c47722955..30a8c21ed736 100644
695 +--- a/drivers/media/usb/dvb-usb/technisat-usb2.c
696 ++++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
697 +@@ -594,9 +594,9 @@ static int technisat_usb2_frontend_attach(struct dvb_usb_adapter *a)
698 +
699 + static int technisat_usb2_get_ir(struct dvb_usb_device *d)
700 + {
701 +- u8 buf[62], *b;
702 +- int ret;
703 ++ u8 buf[62];
704 + struct ir_raw_event ev;
705 ++ int i, ret;
706 +
707 + buf[0] = GET_IR_DATA_VENDOR_REQUEST;
708 + buf[1] = 0x08;
709 +@@ -632,26 +632,25 @@ unlock:
710 + return 0; /* no key pressed */
711 +
712 + /* decoding */
713 +- b = buf+1;
714 +
715 + #if 0
716 + deb_rc("RC: %d ", ret);
717 +- debug_dump(b, ret, deb_rc);
718 ++ debug_dump(buf + 1, ret, deb_rc);
719 + #endif
720 +
721 + ev.pulse = 0;
722 +- while (1) {
723 +- ev.pulse = !ev.pulse;
724 +- ev.duration = (*b * FIRMWARE_CLOCK_DIVISOR * FIRMWARE_CLOCK_TICK) / 1000;
725 +- ir_raw_event_store(d->rc_dev, &ev);
726 +-
727 +- b++;
728 +- if (*b == 0xff) {
729 ++ for (i = 1; i < ARRAY_SIZE(buf); i++) {
730 ++ if (buf[i] == 0xff) {
731 + ev.pulse = 0;
732 + ev.duration = 888888*2;
733 + ir_raw_event_store(d->rc_dev, &ev);
734 + break;
735 + }
736 ++
737 ++ ev.pulse = !ev.pulse;
738 ++ ev.duration = (buf[i] * FIRMWARE_CLOCK_DIVISOR *
739 ++ FIRMWARE_CLOCK_TICK) / 1000;
740 ++ ir_raw_event_store(d->rc_dev, &ev);
741 + }
742 +
743 + ir_raw_event_handle(d->rc_dev);
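Review bot: The new `for (i = 1; i < ARRAY_SIZE(buf); i++)` loop is bounded by the size of `buf`, not by how much the device actually returned, so when no 0xff terminator arrives it decodes bytes of the 62-byte stack array that the transfer never wrote. `ret` looks like the received length (the disabled debug code dumps `ret` bytes), although its assignment is outside the hunk; if that holds, the bound should use it, e.g. `for (i = 1; i < ret && i < ARRAY_SIZE(buf); i++)`. Initialising the array in the previous hunk, `u8 buf[62] = { 0 };`, would at least make any bytes past a short transfer deterministic. technisat_usb2_get_ir's body starts before this hunk.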
744 +diff --git a/drivers/media/usb/tm6000/tm6000-dvb.c b/drivers/media/usb/tm6000/tm6000-dvb.c
745 +index 4f317e2686e9..87401b18d85a 100644
746 +--- a/drivers/media/usb/tm6000/tm6000-dvb.c
747 ++++ b/drivers/media/usb/tm6000/tm6000-dvb.c
748 +@@ -111,6 +111,7 @@ static void tm6000_urb_received(struct urb *urb)
749 + printk(KERN_ERR "tm6000: error %s\n", __func__);
750 + kfree(urb->transfer_buffer);
751 + usb_free_urb(urb);
752 ++ dev->dvb->bulk_urb = NULL;
753 + }
754 + }
755 + }
756 +@@ -143,6 +144,7 @@ static int tm6000_start_stream(struct tm6000_core *dev)
757 + dvb->bulk_urb->transfer_buffer = kzalloc(size, GFP_KERNEL);
758 + if (dvb->bulk_urb->transfer_buffer == NULL) {
759 + usb_free_urb(dvb->bulk_urb);
760 ++ dvb->bulk_urb = NULL;
761 + printk(KERN_ERR "tm6000: couldn't allocate transfer buffer!\n");
762 + return -ENOMEM;
763 + }
764 +@@ -170,6 +172,7 @@ static int tm6000_start_stream(struct tm6000_core *dev)
765 +
766 + kfree(dvb->bulk_urb->transfer_buffer);
767 + usb_free_urb(dvb->bulk_urb);
768 ++ dvb->bulk_urb = NULL;
769 + return ret;
770 + }
771 +
772 +diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
773 +index dcd72b2a3715..8ba9eadc2079 100644
774 +--- a/drivers/net/ethernet/marvell/sky2.c
775 ++++ b/drivers/net/ethernet/marvell/sky2.c
776 +@@ -4946,6 +4946,13 @@ static const struct dmi_system_id msi_blacklist[] = {
777 + DMI_MATCH(DMI_BOARD_NAME, "P6T"),
778 + },
779 + },
780 ++ {
781 ++ .ident = "ASUS P6X",
782 ++ .matches = {
783 ++ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."),
784 ++ DMI_MATCH(DMI_BOARD_NAME, "P6X"),
785 ++ },
786 ++ },
787 + {}
788 + };
789 +
790 +diff --git a/drivers/net/ethernet/seeq/sgiseeq.c b/drivers/net/ethernet/seeq/sgiseeq.c
791 +index ca7336605748..2e5f7bbd30bf 100644
792 +--- a/drivers/net/ethernet/seeq/sgiseeq.c
793 ++++ b/drivers/net/ethernet/seeq/sgiseeq.c
794 +@@ -792,15 +792,16 @@ static int sgiseeq_probe(struct platform_device *pdev)
795 + printk(KERN_ERR "Sgiseeq: Cannot register net device, "
796 + "aborting.\n");
797 + err = -ENODEV;
798 +- goto err_out_free_page;
799 ++ goto err_out_free_attrs;
800 + }
801 +
802 + printk(KERN_INFO "%s: %s %pM\n", dev->name, sgiseeqstr, dev->dev_addr);
803 +
804 + return 0;
805 +
806 +-err_out_free_page:
807 +- free_page((unsigned long) sp->srings);
808 ++err_out_free_attrs:
809 ++ dma_free_attrs(&pdev->dev, sizeof(*sp->srings), sp->srings,
810 ++ sp->srings_dma, DMA_ATTR_NON_CONSISTENT);
811 + err_out_free_dev:
812 + free_netdev(dev);
813 +
814 +diff --git a/drivers/net/tun.c b/drivers/net/tun.c
815 +index fd9ff9eff237..2b7a3631b882 100644
816 +--- a/drivers/net/tun.c
817 ++++ b/drivers/net/tun.c
818 +@@ -597,7 +597,8 @@ static void tun_detach_all(struct net_device *dev)
819 + module_put(THIS_MODULE);
820 + }
821 +
822 +-static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filter)
823 ++static int tun_attach(struct tun_struct *tun, struct file *file,
824 ++ bool skip_filter, bool publish_tun)
825 + {
826 + struct tun_file *tfile = file->private_data;
827 + int err;
828 +@@ -630,7 +631,8 @@ static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filte
829 + }
830 + tfile->queue_index = tun->numqueues;
831 + tfile->socket.sk->sk_shutdown &= ~RCV_SHUTDOWN;
832 +- rcu_assign_pointer(tfile->tun, tun);
833 ++ if (publish_tun)
834 ++ rcu_assign_pointer(tfile->tun, tun);
835 + rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile);
836 + tun->numqueues++;
837 +
838 +@@ -1641,7 +1643,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
839 + if (err < 0)
840 + return err;
841 +
842 +- err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER);
843 ++ err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER, true);
844 + if (err < 0)
845 + return err;
846 +
847 +@@ -1722,13 +1724,17 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
848 + NETIF_F_HW_VLAN_STAG_TX);
849 +
850 + INIT_LIST_HEAD(&tun->disabled);
851 +- err = tun_attach(tun, file, false);
852 ++ err = tun_attach(tun, file, false, false);
853 + if (err < 0)
854 + goto err_free_flow;
855 +
856 + err = register_netdevice(tun->dev);
857 + if (err < 0)
858 + goto err_detach;
859 ++ /* free_netdev() won't check refcnt, to aovid race
860 ++ * with dev_put() we need publish tun after registration.
861 ++ */
862 ++ rcu_assign_pointer(tfile->tun, tun);
863 + }
864 +
865 + netif_carrier_on(tun->dev);
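Review bot: The two trailing booleans in `tun_attach(tun, file, false, false)` cannot be read without the prototype, yet the ordering they encode (attach without publishing, register, then publish) is the whole fix. Naming them at the call site, `tun_attach(tun, file, /* skip_filter */ false, /* publish_tun */ false);`, makes it harder for a later edit to flip the wrong one; the other two callers, in the earlier tun_set_iff hunk and in tun_set_queue, would benefit from the same treatment. The added comment has a typo and a dropped word; `/* free_netdev() won't check refcnt; to avoid a race with dev_put() we need to publish tun after registration. */` reads better. tun_set_iff starts and ends outside this hunk.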
866 +@@ -1867,7 +1873,7 @@ static int tun_set_queue(struct file *file, struct ifreq *ifr)
867 + ret = security_tun_dev_attach_queue(tun->security);
868 + if (ret < 0)
869 + goto unlock;
870 +- ret = tun_attach(tun, file, false);
871 ++ ret = tun_attach(tun, file, false, true);
872 + } else if (ifr->ifr_flags & IFF_DETACH_QUEUE) {
873 + tun = rtnl_dereference(tfile->tun);
874 + if (!tun || !(tun->flags & IFF_MULTI_QUEUE) || tfile->detached)
875 +diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c
876 +index f71abe50ea6f..3707aab2423b 100644
877 +--- a/drivers/net/usb/cdc_ether.c
878 ++++ b/drivers/net/usb/cdc_ether.c
879 +@@ -212,9 +212,16 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf)
880 + goto bad_desc;
881 + }
882 + skip:
883 +- if ( rndis &&
884 +- header.usb_cdc_acm_descriptor &&
885 +- header.usb_cdc_acm_descriptor->bmCapabilities) {
886 ++ /* Communcation class functions with bmCapabilities are not
887 ++ * RNDIS. But some Wireless class RNDIS functions use
888 ++ * bmCapabilities for their own purpose. The failsafe is
889 ++ * therefore applied only to Communication class RNDIS
890 ++ * functions. The rndis test is redundant, but a cheap
891 ++ * optimization.
892 ++ */
893 ++ if (rndis && is_rndis(&intf->cur_altsetting->desc) &&
894 ++ header.usb_cdc_acm_descriptor &&
895 ++ header.usb_cdc_acm_descriptor->bmCapabilities) {
896 + dev_dbg(&intf->dev,
897 + "ACM capabilities %02x, not really RNDIS?\n",
898 + header.usb_cdc_acm_descriptor->bmCapabilities);
899 +diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
900 +index 2d83689374bb..10dd307593e8 100644
901 +--- a/drivers/net/usb/r8152.c
902 ++++ b/drivers/net/usb/r8152.c
903 +@@ -671,8 +671,11 @@ int get_registers(struct r8152 *tp, u16 value, u16 index, u16 size, void *data)
904 + ret = usb_control_msg(tp->udev, usb_rcvctrlpipe(tp->udev, 0),
905 + RTL8152_REQ_GET_REGS, RTL8152_REQT_READ,
906 + value, index, tmp, size, 500);
907 ++ if (ret < 0)
908 ++ memset(data, 0xff, size);
909 ++ else
910 ++ memcpy(data, tmp, size);
911 +
912 +- memcpy(data, tmp, size);
913 + kfree(tmp);
914 +
915 + return ret;
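Review bot: A short transfer still reaches `memcpy(data, tmp, size)`, because the new branch treats only `ret < 0` as failure while `usb_control_msg()` returns the number of bytes transferred on success. If `tmp` is not zeroed when it is allocated (the allocation is outside the hunk), the bytes past `ret` would be stale heap contents handed to the caller as register values. Comparing against the requested length closes that: `if (ret != size) memset(data, 0xff, size); else memcpy(data, tmp, size);`. Whether a short read should then also be reported as an error is a question for the callers, which are not visible here.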
916 +diff --git a/drivers/net/wireless/mwifiex/ie.c b/drivers/net/wireless/mwifiex/ie.c
917 +index de8435709735..4255fb8dd58a 100644
918 +--- a/drivers/net/wireless/mwifiex/ie.c
919 ++++ b/drivers/net/wireless/mwifiex/ie.c
920 +@@ -240,6 +240,9 @@ static int mwifiex_update_vs_ie(const u8 *ies, int ies_len,
921 + }
922 +
923 + vs_ie = (struct ieee_types_header *)vendor_ie;
924 ++ if (le16_to_cpu(ie->ie_length) + vs_ie->len + 2 >
925 ++ IEEE_MAX_IE_SIZE)
926 ++ return -EINVAL;
927 + memcpy(ie->ie_buffer + le16_to_cpu(ie->ie_length),
928 + vs_ie, vs_ie->len + 2);
929 + le16_add_cpu(&ie->ie_length, vs_ie->len + 2);
930 +diff --git a/drivers/net/wireless/mwifiex/uap_cmd.c b/drivers/net/wireless/mwifiex/uap_cmd.c
931 +index 759a6ada5b0f..60bba1ca24e6 100644
932 +--- a/drivers/net/wireless/mwifiex/uap_cmd.c
933 ++++ b/drivers/net/wireless/mwifiex/uap_cmd.c
934 +@@ -286,6 +286,8 @@ mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg,
935 +
936 + rate_ie = (void *)cfg80211_find_ie(WLAN_EID_SUPP_RATES, var_pos, len);
937 + if (rate_ie) {
938 ++ if (rate_ie->len > MWIFIEX_SUPPORTED_RATES)
939 ++ return;
940 + memcpy(bss_cfg->rates, rate_ie + 1, rate_ie->len);
941 + rate_len = rate_ie->len;
942 + }
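Review bot: The new length checks leave through a bare `return;` in a void function, so an oversized element is dropped without a trace and the caller cannot tell that the configuration was refused; this applies here, to the extended-rates check in the next hunk, and to the WMM check in mwifiex_set_wmm_params. Since the lengths come from the beacon parameters passed in, a rejected element deserves a log line, for example `pr_debug("mwifiex: oversized supported-rates element ignored\n");` before the return. The first check also returns before the extended-rates element is looked at, so in that case no rates are copied at all; if that is intended, a comment should say so. mwifiex_set_uap_rates starts before this hunk.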
943 +@@ -293,8 +295,11 @@ mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg,
944 + rate_ie = (void *)cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES,
945 + params->beacon.tail,
946 + params->beacon.tail_len);
947 +- if (rate_ie)
948 ++ if (rate_ie) {
949 ++ if (rate_ie->len > MWIFIEX_SUPPORTED_RATES - rate_len)
950 ++ return;
951 + memcpy(bss_cfg->rates + rate_len, rate_ie + 1, rate_ie->len);
952 ++ }
953 +
954 + return;
955 + }
956 +@@ -412,6 +417,8 @@ mwifiex_set_wmm_params(struct mwifiex_private *priv,
957 + params->beacon.tail_len);
958 + if (vendor_ie) {
959 + wmm_ie = (struct ieee_types_header *)vendor_ie;
960 ++ if (*(vendor_ie + 1) > sizeof(struct mwifiex_types_wmm_info))
961 ++ return;
962 + memcpy(&bss_cfg->wmm_info, wmm_ie + 1,
963 + sizeof(bss_cfg->wmm_info));
964 + priv->wmm_enabled = 1;
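Review bot: Only the upper bound of the element length is checked, while the `memcpy` that follows always reads `sizeof(bss_cfg->wmm_info)` bytes from `wmm_ie + 1`, so an element shorter than that would make the copy read past the element's end. Whether the lookup that produced `vendor_ie` already guarantees a minimum length is not visible in this hunk; if it does not, either reject shorter elements as well or bound the copy by the element length. The length is also read as `*(vendor_ie + 1)` although `wmm_ie` was assigned on the line above, and `if (wmm_ie->len > sizeof(struct mwifiex_types_wmm_info))` says the same thing more readably. mwifiex_set_wmm_params starts and ends outside the hunk.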
965 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
966 +index 6f55ab4f7959..574c93a24180 100644
967 +--- a/drivers/net/xen-netfront.c
968 ++++ b/drivers/net/xen-netfront.c
969 +@@ -893,7 +893,7 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue,
970 + __pskb_pull_tail(skb, pull_to - skb_headlen(skb));
971 + }
972 + if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) {
973 +- queue->rx.rsp_cons = ++cons;
974 ++ queue->rx.rsp_cons = ++cons + skb_queue_len(list);
975 + kfree_skb(nskb);
976 + return ~0U;
977 + }
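Review bot: `queue->rx.rsp_cons = ++cons + skb_queue_len(list);` folds a pre-increment into an arithmetic expression and gives no reason for the extra term. Splitting it into `cons++;` followed by `queue->rx.rsp_cons = cons + skb_queue_len(list);` and adding a comment such as `/* also consume the responses already moved onto list */` would make this error path reviewable; that wording is my reading of the intent, since the code that fills `list` is outside the hunk. The consumer index decides which ring slots are treated as processed, so an unexplained adjustment here is easy to break later. xennet_fill_frags starts and ends outside this hunk.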
978 +diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
979 +index fc46c8cf5fcd..3bd19de7df71 100644
980 +--- a/drivers/tty/serial/atmel_serial.c
981 ++++ b/drivers/tty/serial/atmel_serial.c
982 +@@ -1275,7 +1275,6 @@ atmel_handle_transmit(struct uart_port *port, unsigned int pending)
983 +
984 + atmel_port->hd_start_rx = false;
985 + atmel_start_rx(port);
986 +- return;
987 + }
988 +
989 + tasklet_schedule(&atmel_port->tasklet);
990 +diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c
991 +index c894eca57e73..82e00ac6f7e3 100644
992 +--- a/drivers/tty/serial/sprd_serial.c
993 ++++ b/drivers/tty/serial/sprd_serial.c
994 +@@ -240,7 +240,7 @@ static inline void sprd_rx(struct uart_port *port)
995 +
996 + if (lsr & (SPRD_LSR_BI | SPRD_LSR_PE |
997 + SPRD_LSR_FE | SPRD_LSR_OE))
998 +- if (handle_lsr_errors(port, &lsr, &flag))
999 ++ if (handle_lsr_errors(port, &flag, &lsr))
1000 + continue;
1001 + if (uart_handle_sysrq_char(port, ch))
1002 + continue;
1003 +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
1004 +index aef208585544..5abc4e5434ec 100644
1005 +--- a/drivers/usb/core/config.c
1006 ++++ b/drivers/usb/core/config.c
1007 +@@ -891,7 +891,7 @@ int usb_get_bos_descriptor(struct usb_device *dev)
1008 + struct usb_bos_descriptor *bos;
1009 + struct usb_dev_cap_header *cap;
1010 + struct usb_ssp_cap_descriptor *ssp_cap;
1011 +- unsigned char *buffer;
1012 ++ unsigned char *buffer, *buffer0;
1013 + int length, total_len, num, i, ssac;
1014 + __u8 cap_type;
1015 + int ret;
1016 +@@ -936,10 +936,12 @@ int usb_get_bos_descriptor(struct usb_device *dev)
1017 + ret = -ENOMSG;
1018 + goto err;
1019 + }
1020 ++
1021 ++ buffer0 = buffer;
1022 + total_len -= length;
1023 ++ buffer += length;
1024 +
1025 + for (i = 0; i < num; i++) {
1026 +- buffer += length;
1027 + cap = (struct usb_dev_cap_header *)buffer;
1028 +
1029 + if (total_len < sizeof(*cap) || total_len < cap->bLength) {
1030 +@@ -953,8 +955,6 @@ int usb_get_bos_descriptor(struct usb_device *dev)
1031 + break;
1032 + }
1033 +
1034 +- total_len -= length;
1035 +-
1036 + if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
1037 + dev_warn(ddev, "descriptor type invalid, skip\n");
1038 + continue;
1039 +@@ -989,7 +989,11 @@ int usb_get_bos_descriptor(struct usb_device *dev)
1040 + default:
1041 + break;
1042 + }
1043 ++
1044 ++ total_len -= length;
1045 ++ buffer += length;
1046 + }
1047 ++ dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0);
1048 +
1049 + return 0;
1050 +
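Review bot: The assignment `dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0);` overwrites a device-reported field with no comment saying why. From the visible lines it sets the length to the number of bytes the loop actually walked, which presumably stops later readers of the stored BOS data from trusting a larger value supplied by the device; a comment like `/* clamp to the bytes validated above; the device's own wTotalLength is untrusted */` would record that. Separately, the bounds test in the loop compares `total_len` with `cap->bLength`, but nothing visible rejects a `bLength` smaller than `sizeof(*cap)`, which is worth confirming against the parts of the loop outside these hunks. usb_get_bos_descriptor starts before the first hunk and continues after `return 0;`.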
1051 +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
1052 +index 57a46093656a..f9c3907bf159 100644
1053 +--- a/fs/btrfs/tree-log.c
1054 ++++ b/fs/btrfs/tree-log.c
1055 +@@ -5133,7 +5133,7 @@ process_leaf:
1056 + }
1057 +
1058 + if (btrfs_inode_in_log(di_inode, trans->transid)) {
1059 +- iput(di_inode);
1060 ++ btrfs_add_delayed_iput(di_inode);
1061 + continue;
1062 + }
1063 +
1064 +@@ -5143,7 +5143,7 @@ process_leaf:
1065 + btrfs_release_path(path);
1066 + ret = btrfs_log_inode(trans, root, di_inode,
1067 + log_mode, 0, LLONG_MAX, ctx);
1068 +- iput(di_inode);
1069 ++ btrfs_add_delayed_iput(di_inode);
1070 + if (ret)
1071 + goto next_dir_inode;
1072 + if (ctx->log_new_dentries) {
1073 +@@ -5281,7 +5281,7 @@ static int btrfs_log_all_parents(struct btrfs_trans_handle *trans,
1074 +
1075 + ret = btrfs_log_inode(trans, root, dir_inode,
1076 + LOG_INODE_ALL, 0, LLONG_MAX, ctx);
1077 +- iput(dir_inode);
1078 ++ btrfs_add_delayed_iput(dir_inode);
1079 + if (ret)
1080 + goto out;
1081 + }
1082 +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
1083 +index 9cb72fd40eff..63108343124a 100644
1084 +--- a/fs/cifs/connect.c
1085 ++++ b/fs/cifs/connect.c
1086 +@@ -2466,6 +2466,7 @@ static int
1087 + cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
1088 + {
1089 + int rc = 0;
1090 ++ int is_domain = 0;
1091 + const char *delim, *payload;
1092 + char *desc;
1093 + ssize_t len;
1094 +@@ -2513,6 +2514,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
1095 + rc = PTR_ERR(key);
1096 + goto out_err;
1097 + }
1098 ++ is_domain = 1;
1099 + }
1100 +
1101 + down_read(&key->sem);
1102 +@@ -2570,6 +2572,26 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
1103 + goto out_key_put;
1104 + }
1105 +
1106 ++ /*
1107 ++ * If we have a domain key then we must set the domainName in the
1108 ++ * for the request.
1109 ++ */
1110 ++ if (is_domain && ses->domainName) {
1111 ++ vol->domainname = kstrndup(ses->domainName,
1112 ++ strlen(ses->domainName),
1113 ++ GFP_KERNEL);
1114 ++ if (!vol->domainname) {
1115 ++ cifs_dbg(FYI, "Unable to allocate %zd bytes for "
1116 ++ "domain\n", len);
1117 ++ rc = -ENOMEM;
1118 ++ kfree(vol->username);
1119 ++ vol->username = NULL;
1120 ++ kzfree(vol->password);
1121 ++ vol->password = NULL;
1122 ++ goto out_key_put;
1123 ++ }
1124 ++ }
1125 ++
1126 + out_key_put:
1127 + up_read(&key->sem);
1128 + key_put(key);
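Review bot: The failure message for the domain allocation prints `len`, which as far as these hunks show is never set from the domain name, so the debug line reports a size unrelated to the allocation that failed. `kstrndup(ses->domainName, strlen(ses->domainName), GFP_KERNEL)` is also just `kstrdup()`; the change could read `vol->domainname = kstrdup(ses->domainName, GFP_KERNEL);` with the message reduced to `cifs_dbg(FYI, "Unable to allocate domain name\n");`. The new block comment has a stray "in the". Whether `vol->domainname` can already hold an allocation at this point is not visible in the hunk; if it can, it would be overwritten without being freed.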
1129 +diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c
1130 +index d3e3761eacfa..c5e884585c23 100644
1131 +--- a/fs/nfs/nfs4file.c
1132 ++++ b/fs/nfs/nfs4file.c
1133 +@@ -73,13 +73,13 @@ nfs4_file_open(struct inode *inode, struct file *filp)
1134 + if (IS_ERR(inode)) {
1135 + err = PTR_ERR(inode);
1136 + switch (err) {
1137 +- case -EPERM:
1138 +- case -EACCES:
1139 +- case -EDQUOT:
1140 +- case -ENOSPC:
1141 +- case -EROFS:
1142 +- goto out_put_ctx;
1143 + default:
1144 ++ goto out_put_ctx;
1145 ++ case -ENOENT:
1146 ++ case -ESTALE:
1147 ++ case -EISDIR:
1148 ++ case -ENOTDIR:
1149 ++ case -ELOOP:
1150 + goto out_drop;
1151 + }
1152 + }
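Review bot: Putting `default:` first in the switch is legal but easy to misread as a label the cases below it fall into. The change turns a list of errors to propagate into a list of errors that take `out_drop`, so the conventional order would help: the five `case` labels with `goto out_drop;` first, then `default:` with `goto out_put_ctx;`. A comment stating the rule, for example `/* only these errors take the out_drop fallback; everything else is returned to the caller */`, would record the intent; what `out_drop` does is outside the hunk.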
1153 +diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
1154 +index 8a2077408ab0..af1bb7353792 100644
1155 +--- a/fs/nfs/pagelist.c
1156 ++++ b/fs/nfs/pagelist.c
1157 +@@ -593,7 +593,7 @@ static void nfs_pgio_rpcsetup(struct nfs_pgio_header *hdr,
1158 + }
1159 +
1160 + hdr->res.fattr = &hdr->fattr;
1161 +- hdr->res.count = count;
1162 ++ hdr->res.count = 0;
1163 + hdr->res.eof = 0;
1164 + hdr->res.verf = &hdr->verf;
1165 + nfs_fattr_init(&hdr->fattr);
1166 +diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c
1167 +index b417bbcd9704..b83e14ad13c4 100644
1168 +--- a/fs/nfs/proc.c
1169 ++++ b/fs/nfs/proc.c
1170 +@@ -588,7 +588,8 @@ static int nfs_read_done(struct rpc_task *task, struct nfs_pgio_header *hdr)
1171 + /* Emulate the eof flag, which isn't normally needed in NFSv2
1172 + * as it is guaranteed to always return the file attributes
1173 + */
1174 +- if (hdr->args.offset + hdr->res.count >= hdr->res.fattr->size)
1175 ++ if ((hdr->res.count == 0 && hdr->args.count > 0) ||
1176 ++ hdr->args.offset + hdr->res.count >= hdr->res.fattr->size)
1177 + hdr->res.eof = 1;
1178 + }
1179 + return 0;
1180 +@@ -609,8 +610,10 @@ static int nfs_proc_pgio_rpc_prepare(struct rpc_task *task,
1181 +
1182 + static int nfs_write_done(struct rpc_task *task, struct nfs_pgio_header *hdr)
1183 + {
1184 +- if (task->tk_status >= 0)
1185 ++ if (task->tk_status >= 0) {
1186 ++ hdr->res.count = hdr->args.count;
1187 + nfs_writeback_update_inode(hdr);
1188 ++ }
1189 + return 0;
1190 + }
1191 +
1192 +diff --git a/include/uapi/linux/isdn/capicmd.h b/include/uapi/linux/isdn/capicmd.h
1193 +index b58635f722da..ae1e1fba2e13 100644
1194 +--- a/include/uapi/linux/isdn/capicmd.h
1195 ++++ b/include/uapi/linux/isdn/capicmd.h
1196 +@@ -15,6 +15,7 @@
1197 + #define CAPI_MSG_BASELEN 8
1198 + #define CAPI_DATA_B3_REQ_LEN (CAPI_MSG_BASELEN+4+4+2+2+2)
1199 + #define CAPI_DATA_B3_RESP_LEN (CAPI_MSG_BASELEN+4+2)
1200 ++#define CAPI_DISCONNECT_B3_RESP_LEN (CAPI_MSG_BASELEN+4)
1201 +
1202 + /*----- CAPI commands -----*/
1203 + #define CAPI_ALERT 0x01
1204 +diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c
1205 +index b86886beee4f..867fb0ed4aa6 100644
1206 +--- a/kernel/irq/resend.c
1207 ++++ b/kernel/irq/resend.c
1208 +@@ -37,6 +37,8 @@ static void resend_irqs(unsigned long arg)
1209 + irq = find_first_bit(irqs_resend, nr_irqs);
1210 + clear_bit(irq, irqs_resend);
1211 + desc = irq_to_desc(irq);
1212 ++ if (!desc)
1213 ++ continue;
1214 + local_irq_disable();
1215 + desc->handle_irq(desc);
1216 + local_irq_enable();
1217 +diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
1218 +index cd8deea2d074..db6b65a5f811 100644
1219 +--- a/net/bridge/br_mdb.c
1220 ++++ b/net/bridge/br_mdb.c
1221 +@@ -256,7 +256,7 @@ static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
1222 + struct nlmsghdr *nlh;
1223 + struct nlattr *nest;
1224 +
1225 +- nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), NLM_F_MULTI);
1226 ++ nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
1227 + if (!nlh)
1228 + return -EMSGSIZE;
1229 +
1230 +diff --git a/net/core/dev.c b/net/core/dev.c
1231 +index 152e1e6316e6..18a5154e2f25 100644
1232 +--- a/net/core/dev.c
1233 ++++ b/net/core/dev.c
1234 +@@ -6837,6 +6837,8 @@ int register_netdevice(struct net_device *dev)
1235 + ret = notifier_to_errno(ret);
1236 + if (ret) {
1237 + rollback_registered(dev);
1238 ++ rcu_barrier();
1239 ++
1240 + dev->reg_state = NETREG_UNREGISTERED;
1241 + }
1242 + /*
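Review bot: The added `rcu_barrier()` blocks in the error path of register_netdevice() without a comment naming what it waits for. From the hunk one can only see that it sits between `rollback_registered(dev)` and the state change, so presumably it lets RCU callbacks queued during the rollback finish before the caller frees the device. A line like `/* wait for RCU callbacks that may still reference dev before it can be freed */` would pin that down once confirmed. Without it the barrier looks removable to the next person tuning this path.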
1243 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1244 +index 30c5500b0899..b0677b265b48 100644
1245 +--- a/net/ipv4/tcp_input.c
1246 ++++ b/net/ipv4/tcp_input.c
1247 +@@ -225,7 +225,7 @@ static void tcp_ecn_accept_cwr(struct tcp_sock *tp, const struct sk_buff *skb)
1248 +
1249 + static void tcp_ecn_withdraw_cwr(struct tcp_sock *tp)
1250 + {
1251 +- tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR;
1252 ++ tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR;
1253 + }
1254 +
1255 + static void __tcp_ecn_check_ce(struct sock *sk, const struct sk_buff *skb)
1256 +diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
1257 +index a830b68e63c9..c846cff26933 100644
1258 +--- a/net/ipv6/ping.c
1259 ++++ b/net/ipv6/ping.c
1260 +@@ -234,7 +234,7 @@ static int __net_init ping_v6_proc_init_net(struct net *net)
1261 + return ping_proc_register(net, &ping_v6_seq_afinfo);
1262 + }
1263 +
1264 +-static void __net_init ping_v6_proc_exit_net(struct net *net)
1265 ++static void __net_exit ping_v6_proc_exit_net(struct net *net)
1266 + {
1267 + return ping_proc_unregister(net, &ping_v6_seq_afinfo);
1268 + }
1269 +diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
1270 +index b666959f17c0..b7c13179fa40 100644
1271 +--- a/net/netfilter/nf_conntrack_ftp.c
1272 ++++ b/net/netfilter/nf_conntrack_ftp.c
1273 +@@ -334,7 +334,7 @@ static int find_pattern(const char *data, size_t dlen,
1274 + i++;
1275 + }
1276 +
1277 +- pr_debug("Skipped up to `%c'!\n", skip);
1278 ++ pr_debug("Skipped up to 0x%hhx delimiter!\n", skip);
1279 +
1280 + *numoff = i;
1281 + *numlen = getnum(data + i, dlen - i, cmd, term, numoff);
1282 +diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
1283 +index aa4725038f94..eec6dc2d3152 100644
1284 +--- a/net/sched/sch_generic.c
1285 ++++ b/net/sched/sch_generic.c
1286 +@@ -671,7 +671,11 @@ static void qdisc_rcu_free(struct rcu_head *head)
1287 +
1288 + void qdisc_destroy(struct Qdisc *qdisc)
1289 + {
1290 +- const struct Qdisc_ops *ops = qdisc->ops;
1291 ++ const struct Qdisc_ops *ops;
1292 ++
1293 ++ if (!qdisc)
1294 ++ return;
1295 ++ ops = qdisc->ops;
1296 +
1297 + if (qdisc->flags & TCQ_F_BUILTIN ||
1298 + !atomic_dec_and_test(&qdisc->refcnt))
1299 +diff --git a/net/sched/sch_hhf.c b/net/sched/sch_hhf.c
1300 +index aff2a1b46f7f..dc68dccc6b0c 100644
1301 +--- a/net/sched/sch_hhf.c
1302 ++++ b/net/sched/sch_hhf.c
1303 +@@ -552,7 +552,7 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt)
1304 + new_hhf_non_hh_weight = nla_get_u32(tb[TCA_HHF_NON_HH_WEIGHT]);
1305 +
1306 + non_hh_quantum = (u64)new_quantum * new_hhf_non_hh_weight;
1307 +- if (non_hh_quantum > INT_MAX)
1308 ++ if (non_hh_quantum == 0 || non_hh_quantum > INT_MAX)
1309 + return -EINVAL;
1310 +
1311 + sch_tree_lock(sch);
1312 +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
1313 +index 247d1888c386..07c54b212cd7 100644
1314 +--- a/net/sctp/protocol.c
1315 ++++ b/net/sctp/protocol.c
1316 +@@ -1331,7 +1331,7 @@ static int __net_init sctp_ctrlsock_init(struct net *net)
1317 + return status;
1318 + }
1319 +
1320 +-static void __net_init sctp_ctrlsock_exit(struct net *net)
1321 ++static void __net_exit sctp_ctrlsock_exit(struct net *net)
1322 + {
1323 + /* Free the control endpoint. */
1324 + inet_ctl_sock_destroy(net->sctp.ctl_sock);
1325 +diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
1326 +index e5cd14307aa5..7c220e905168 100644
1327 +--- a/net/sctp/sm_sideeffect.c
1328 ++++ b/net/sctp/sm_sideeffect.c
1329 +@@ -505,7 +505,7 @@ static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands,
1330 + */
1331 + if ((transport->state == SCTP_ACTIVE) &&
1332 + (transport->error_count < transport->pathmaxrxt) &&
1333 +- (transport->error_count > asoc->pf_retrans)) {
1334 ++ (transport->error_count > transport->pf_retrans)) {
1335 +
1336 + sctp_assoc_control_transport(asoc, transport,
1337 + SCTP_TRANSPORT_PF,
1338 +diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
1339 +index c4c151bc000c..b57675f81ceb 100644
1340 +--- a/net/tipc/name_distr.c
1341 ++++ b/net/tipc/name_distr.c
1342 +@@ -284,7 +284,8 @@ static void tipc_publ_purge(struct net *net, struct publication *publ, u32 addr)
1343 + publ->key);
1344 + }
1345 +
1346 +- kfree_rcu(p, rcu);
1347 ++ if (p)
1348 ++ kfree_rcu(p, rcu);
1349 + }
1350 +
1351 + void tipc_publ_notify(struct net *net, struct list_head *nsub_list, u32 addr)
1352 +diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
1353 +index 8882b729924d..976deea0569e 100644
1354 +--- a/security/keys/request_key_auth.c
1355 ++++ b/security/keys/request_key_auth.c
1356 +@@ -71,6 +71,9 @@ static void request_key_auth_describe(const struct key *key,
1357 + {
1358 + struct request_key_auth *rka = key->payload.data[0];
1359 +
1360 ++ if (!rka)
1361 ++ return;
1362 ++
1363 + seq_puts(m, "key:");
1364 + seq_puts(m, key->description);
1365 + if (key_is_positive(key))
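Review bot: Neither new `if (!rka)` check says when the payload can be NULL, and the two functions react differently: describe returns silently here, while read returns `-EKEYREVOKED` in the next hunk. The error code suggests the payload is cleared on revocation; a shared comment such as `/* payload is NULL once the authorisation key has been revoked */` would make that explicit if it is correct. It is also worth confirming that whatever clears `key->payload.data[0]` cannot run between this check and the later dereferences of `rka`, since the locking that would guarantee that is not visible in these hunks.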
1366 +@@ -88,6 +91,9 @@ static long request_key_auth_read(const struct key *key,
1367 + size_t datalen;
1368 + long ret;
1369 +
1370 ++ if (!rka)
1371 ++ return -EKEYREVOKED;
1372 ++
1373 + datalen = rka->callout_len;
1374 + ret = datalen;
1375 +
1376 +diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
1377 +index 532e7bf06868..58cf16188722 100644
1378 +--- a/tools/power/x86/turbostat/turbostat.c
1379 ++++ b/tools/power/x86/turbostat/turbostat.c
1380 +@@ -3014,7 +3014,7 @@ int initialize_counters(int cpu_id)
1381 +
1382 + void allocate_output_buffer()
1383 + {
1384 +- output_buffer = calloc(1, (1 + topo.num_cpus) * 1024);
1385 ++ output_buffer = calloc(1, (1 + topo.num_cpus) * 2048);
1386 + outp = output_buffer;
1387 + if (outp == NULL)
1388 + err(-1, "calloc output buffer");
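Review bot: `(1 + topo.num_cpus) * 2048` is multiplied out before calloc() sees it, so the overflow check calloc() performs on its two arguments is bypassed and the per-CPU size stays a bare number. Passing the factors separately keeps the check at no cost: `output_buffer = calloc(1 + topo.num_cpus, 2048);`, ideally with 2048 given a name. Doubling the buffer also only moves the limit; if the code that writes through `outp` (outside this hunk) does not track the remaining space, longer output would overrun it again. allocate_output_buffer continues past the end of the hunk.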
1389 +diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c
1390 +index 571c1ce37d15..5c1efb869df2 100644
1391 +--- a/virt/kvm/coalesced_mmio.c
1392 ++++ b/virt/kvm/coalesced_mmio.c
1393 +@@ -39,7 +39,7 @@ static int coalesced_mmio_in_range(struct kvm_coalesced_mmio_dev *dev,
1394 + return 1;
1395 + }
1396 +
1397 +-static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)
1398 ++static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev, u32 last)
1399 + {
1400 + struct kvm_coalesced_mmio_ring *ring;
1401 + unsigned avail;
1402 +@@ -51,7 +51,7 @@ static int coalesced_mmio_has_room(struct kvm_coalesced_mmio_dev *dev)
1403 + * there is always one unused entry in the buffer
1404 + */
1405 + ring = dev->kvm->coalesced_mmio_ring;
1406 +- avail = (ring->first - ring->last - 1) % KVM_COALESCED_MMIO_MAX;
1407 ++ avail = (ring->first - last - 1) % KVM_COALESCED_MMIO_MAX;
1408 + if (avail == 0) {
1409 + /* full */
1410 + return 0;
1411 +@@ -66,24 +66,27 @@ static int coalesced_mmio_write(struct kvm_vcpu *vcpu,
1412 + {
1413 + struct kvm_coalesced_mmio_dev *dev = to_mmio(this);
1414 + struct kvm_coalesced_mmio_ring *ring = dev->kvm->coalesced_mmio_ring;
1415 ++ __u32 insert;
1416 +
1417 + if (!coalesced_mmio_in_range(dev, addr, len))
1418 + return -EOPNOTSUPP;
1419 +
1420 + spin_lock(&dev->kvm->ring_lock);
1421 +
1422 +- if (!coalesced_mmio_has_room(dev)) {
1423 ++ insert = READ_ONCE(ring->last);
1424 ++ if (!coalesced_mmio_has_room(dev, insert) ||
1425 ++ insert >= KVM_COALESCED_MMIO_MAX) {
1426 + spin_unlock(&dev->kvm->ring_lock);
1427 + return -EOPNOTSUPP;
1428 + }
1429 +
1430 + /* copy data in first free entry of the ring */
1431 +
1432 +- ring->coalesced_mmio[ring->last].phys_addr = addr;
1433 +- ring->coalesced_mmio[ring->last].len = len;
1434 +- memcpy(ring->coalesced_mmio[ring->last].data, val, len);
1435 ++ ring->coalesced_mmio[insert].phys_addr = addr;
1436 ++ ring->coalesced_mmio[insert].len = len;
1437 ++ memcpy(ring->coalesced_mmio[insert].data, val, len);
1438 + smp_wmb();
1439 +- ring->last = (ring->last + 1) % KVM_COALESCED_MMIO_MAX;
1440 ++ ring->last = (insert + 1) % KVM_COALESCED_MMIO_MAX;
1441 + spin_unlock(&dev->kvm->ring_lock);
1442 + return 0;
1443 + }
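Review bot: The range test `insert >= KVM_COALESCED_MMIO_MAX` runs only after `coalesced_mmio_has_room(dev, insert)` has already done arithmetic on the unvalidated value. The outcome is the same because either condition rejects the write, but checking the index first makes it obvious that nothing is derived from an out-of-range `last`: `if (insert >= KVM_COALESCED_MMIO_MAX || !coalesced_mmio_has_room(dev, insert)) {`. A comment on `insert = READ_ONCE(ring->last);` should say that the index is snapshotted once because the ring contents can change underneath the kernel (presumably the ring is shared with userspace; the mapping is not shown here), which is why the later stores must not re-read `ring->last`. The helper takes `u32 last` while the local is `__u32`; one spelling would do.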